1. A method for initializing secure communications between a first device and a second device, said first and second devices each having a public key of a Certificate Authority and a device certificate, said device certificate having a unique hardware identifier associated with said respective device, and a public key associated with said respective device, said method comprising the steps of:

establishing a session between said first device and said second device;

negotiating two-way session encryption and mutual authentication requirements between said first and said second device;

exchanging device certificates of said first device and said second device;

cryptographically verifying the received certificate using the public key of said Certificate Authority;

exchanging challenges created by each of said first and second devices;

responding to said respective challenges by signing said received challenge, using the receiving device's private key, said private keys residing in the respective protected storage in each said device;

returning said signed challenges;

cryptographically verifying that said received challenge signature is of the challenge previously sent by said receiving device;

establishing a key agreement between said first and said second devices; and,

establishing secure communications if all of said prior verifying steps succeed.

2. A method as claimed in claim 1 wherein said first established session is non-secure.

3. A method as claimed in claim 1 wherein said first established session is an authenticated connection.

4. A method as claimed in claim 1 wherein said first established session is an encrypted connection.

5. A method as claimed in claim 1 wherein said unique hardware identifier is a machine (MAC) address for said associated device.

6. A method as claimed in claim 1 wherein said protected storage is a write-only storage with the ability to perform computations involving previously-written data.

7. A method as claimed in claim 1 wherein said protected storage is read-write storage wherein the read capacity of said storage is accessible only by means of a shared secret.

8. A method as claimed in claim 1 wherein said public key of a Certificate Authority is a public key of a root Certificate Authority.




CR9-99-033 



-27- 



9. A program for initializing secure communications between a first device and a second device, said first and second devices each having a public key of a Certificate Authority and a device certificate, said device certificate having a unique hardware identifier associated with said respective device, and a public key associated with said respective device, said program code comprising:

computer program code means for establishing a session between said first device and said second device;

computer program code means for negotiating two-way session encryption and mutual authentication requirements between said first and said second device;

computer program code means for exchanging device certificates of said first device and said second device;

computer program code means for cryptographically verifying the received certificate using the public key of said Certificate Authority;

computer program code means for exchanging challenges created by each of said first and second devices;

computer program code means for responding to said respective challenges by signing said received challenge, using the receiving device's private key, said private keys residing in the respective protected storage in each said device;

computer program code means for returning said signed challenges;



computer program code means for cryptographically verifying that said received challenge signature is of the challenge previously sent by said receiving device;

computer program code means for establishing a key agreement between said first and said second devices; and,

computer program code means for establishing secure communications if all of said prior verifying steps succeed.

10. A program as claimed in claim 9 wherein said first established session is non-secure.

11. A program as claimed in claim 9 wherein said first established session is an authenticated connection.

12. A program as claimed in claim 9 wherein said first established session is an encrypted connection.

13. A program as claimed in claim 9 wherein said unique hardware identifier is a machine (MAC) address for said associated device.

14. A program as claimed in claim 9 wherein said protected storage is a write-only storage with the ability to perform computations involving previously-written data.

15. A program as claimed in claim 9 wherein said protected storage is read-write storage wherein the read capacity of said storage is accessible only by means of a shared secret.

16. A program as claimed in claim 9 wherein said public key of a Certificate Authority is a public key of a root Certificate Authority.

17. A system for initializing secure communications between a first device and a second device, said first and second devices each having a public key of a Certificate Authority and a device certificate, said device certificate having a unique hardware identifier associated with said respective device, and a public key associated with said respective device, said system comprising:

a communications mechanism for establishing a session between said first device and said second device, negotiating two-way session encryption and mutual authentication requirements between said first and said second device, and exchanging device certificates of said first device and said second device;

a verifier for cryptographically verifying the received certificate using the public key of said Certificate Authority;

a negotiation mechanism for exchanging challenges created by each of said first and second devices, responding to said respective challenges by signing said received challenge, using the receiving device's private key, said private keys residing in the respective protected storage in each said device, returning said signed challenges, cryptographically verifying that said received challenge signature is of the challenge previously sent by said receiving device, establishing a key agreement between said first and said second devices; and, establishing secure communications if all of said prior verifying steps succeed.
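The handshake recited in claims 1, 9 and 17, as an added illustration that is not part of the patent: certificates issued by a CA, mutual challenge-response signatures made with each device's protected private key, and an ephemeral key agreement that is only completed when every verification passed. The group parameters, the Schnorr-style signature, the `Device` class and the `handshake` function are all constructed for this example; the session setup and negotiation steps are assumed to have already happened and are not modelled.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (not a vetted parameter set):
# Mersenne prime 2^127 - 1, generator 3, exponents reduced modulo p - 1.
P = 2**127 - 1
G = 3
ORDER = P - 1

def H(*parts):
    """Hash any mix of ints/strings into an exponent in [0, ORDER)."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER

def keygen():
    x = secrets.randbelow(ORDER - 2) + 2
    return x, pow(G, x, P)

def sign(priv, *msg):                      # Schnorr-style signature (e, s)
    k = secrets.randbelow(ORDER - 2) + 2
    e = H(pow(G, k, P), *msg)
    return e, (k - priv * e) % ORDER

def verify(pub, sig, *msg):
    e, s = sig
    r = pow(G, s, P) * pow(pub, e, P) % P  # g^s * y^e reconstructs g^k
    return H(r, *msg) == e

class Device:
    """Holds a CA-issued certificate (hwid, pubkey, CA signature); the private key never leaves it."""
    def __init__(self, hwid, ca_priv):
        self._priv, pub = keygen()                 # _priv models the protected storage
        self.cert = (hwid, pub, sign(ca_priv, hwid, pub))
    def respond(self, challenge):                  # sign the challenge this device received
        return sign(self._priv, challenge)

def handshake(a, b, ca_pub):
    """Runs the claimed steps between devices a and b; returns (ok, key_a, key_b)."""
    for hwid, pub, sig in (a.cert, b.cert):        # exchange certificates, verify with CA key
        if not verify(ca_pub, sig, hwid, pub):
            return False, None, None
    na, nb = secrets.token_hex(16), secrets.token_hex(16)   # each side creates a challenge
    sig_b, sig_a = b.respond(na), a.respond(nb)    # each signs the challenge it received
    if not (verify(b.cert[1], sig_b, na) and verify(a.cert[1], sig_a, nb)):
        return False, None, None                   # signature must cover the challenge we sent
    ea, EA = keygen()                              # ephemeral Diffie-Hellman key agreement
    eb, EB = keygen()
    key_a, key_b = H(pow(EB, ea, P), na, nb), H(pow(EA, eb, P), na, nb)
    return True, key_a, key_b                      # secure communications may now begin
```

A device presenting a certificate from an unknown CA fails at the certificate check; a device presenting a genuine certificate it does not hold the private key for fails at the challenge check, since the signature is verified against the public key inside the certificate.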

18. A system as claimed in claim 17 wherein said first established session is non-secure.

19. A system as claimed in claim 17 wherein said first established session is an authenticated connection.

20. A system as claimed in claim 17 wherein said first established session is an encrypted connection.

21. A system as claimed in claim 17 wherein said unique hardware identifier is a machine (MAC) address for said associated device.

22. A system as claimed in claim 17 wherein said protected storage is a write-only storage with the ability to perform computations involving previously-written data.

23. A system as claimed in claim 17 wherein said protected storage is read-write storage wherein the read capacity of said storage is accessible only by means of a shared secret.

24. A system as claimed in claim 17 wherein said public key of a Certificate Authority is a public key of a root Certificate Authority.